By this point you should already have read Part-1 and Part-2 of this series. In this tutorial we'll create EC2 instances inside the VPC from Part-1, using the Security Group and EC2 Key Pair from Part-2, and register those instances with an ELB, all with Ansible.
If you completed the previous parts you have already cloned the git repo that contains all the roles; if not, clone it now:
git clone https://github.com/arbabnazar/ansible-aws-roles.git
Modify the aws.yml playbook to add the desired roles:
You may have noticed that the playbook also lists the vpc, ec2sg and ec2key roles. If you already created those resources in the previous parts they will not be recreated, because the roles are idempotent: running them again against existing resources is a no-op.
Review/modify the variable file for EC2 Instance, see roles/ec2instance/defaults/main.yml:
Also review/modify the variable file for ELB, see roles/elb/defaults/main.yml:
All variables whose values are written in UPPERCASE are placeholders and must be overridden. We set them in an external file (secret_vars/secret.yml in my case), the same file that already holds our VPC, Security Group and EC2 Key Pair variables from the previous parts:
This file holds account-specific identifiers and secrets, so keep it out of version control, or encrypt it with ansible-vault and supply the vault password (--ask-vault-pass or --vault-password-file) when running the playbook.
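As an added pre-flight check before running the playbook (my own example script, not part of the ansible-aws-roles repo): it lists the uppercase placeholders in a role's defaults file, reports which of them secret.yml does not override (or overrides with yet another placeholder), and tells you whether secret.yml is still plaintext. It assumes the variable files are flat key: value YAML at the top level, as the role defaults in this series are; nested keys are ignored. The sample file contents embedded in it are constructed for illustration, not copied from the repo.

```python
"""check_vars.py: pre-flight check for the external variable file (secret.yml).

Usage:
  python check_vars.py roles/ec2instance/defaults/main.yml secret_vars/secret.yml
  ansible-vault view secret_vars/secret.yml | python check_vars.py roles/ec2instance/defaults/main.yml -
"""
import re
import sys

# A top-level "key: value" line. Indented (nested) lines, comments and blanks do not match.
_KV = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*):\s*(.*?)\s*$")
# Placeholders in the role defaults are written as ALL-CAPS tokens, e.g. KEY_PAIR_NAME.
_PLACEHOLDER = re.compile(r"^[A-Z][A-Z0-9_]*$")


def parse_flat_yaml(text):
    """Return {key: value} for the top-level key: value lines of a flat YAML file."""
    out = {}
    for line in text.splitlines():
        m = _KV.match(line)
        if not m:
            continue
        value = re.sub(r"\s+#.*$", "", m.group(2))   # drop a trailing inline comment
        out[m.group(1)] = value.strip('"\'')
    return out


def placeholders(defaults_text):
    """Keys in a defaults file whose value is still an uppercase placeholder."""
    return sorted(k for k, v in parse_flat_yaml(defaults_text).items()
                  if _PLACEHOLDER.match(v))


def is_vault_encrypted(text):
    """ansible-vault output always starts with this header line."""
    return text.startswith("$ANSIBLE_VAULT;")


def unresolved(defaults_text, secret_text):
    """Placeholders that secret.yml does not override with a real value."""
    if is_vault_encrypted(secret_text):
        raise ValueError("secret vars are encrypted; pipe `ansible-vault view` output in instead")
    secret = parse_flat_yaml(secret_text)
    return [k for k in placeholders(defaults_text)
            if k not in secret or _PLACEHOLDER.match(secret[k])]


# Constructed samples (assumed variable names, not the real role defaults).
SAMPLE_DEFAULTS = """\
ec2_region: eu-west-1
ec2_image: AMI_ID          # placeholder, must be overridden
ec2_keypair: KEY_PAIR_NAME
ec2_security_group: SG_NAME
ec2_instance_type: t2.micro
count: 1
"""
SAMPLE_SECRET = """\
ec2_image: ami-0123456789abcdef0
ec2_keypair: rbgeek-dev
ec2_security_group: SG_NAME
"""


def main(argv):
    defaults_text = open(argv[1]).read()
    from_stdin = argv[2] == "-"
    secret_text = sys.stdin.read() if from_stdin else open(argv[2]).read()
    if is_vault_encrypted(secret_text):
        print("%s is vault-encrypted; pipe `ansible-vault view` output in to check it" % argv[2])
        return 2
    if not from_stdin:
        print("WARNING: %s is plaintext; run `ansible-vault encrypt` on it before committing" % argv[2])
    missing = unresolved(defaults_text, secret_text)
    for key in missing:
        print("placeholder still unset: %s" % key)
    return 1 if missing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it once per role whose defaults you edited; a non-zero exit means a placeholder would reach AWS unchanged (the ec2 module would then fail with an invalid AMI id or key pair name rather than silently doing something else).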
Once you are all set with the variables, then run this command if you have added the vpc, security group and ec2 key pair roles in the playbook:
ansible-playbook -i inventory/hosts aws.yml -e@secret_vars/secret.yml
Otherwise, if the vpc, security group and ec2 key pair roles are not in the playbook, pass the second variable file as well:
ansible-playbook -i inventory/hosts aws.yml -e@secret_vars/secret.yml -e@secret_vars/rbgeek-dev.yml
After the playbook completes, log in to the AWS Web Console and verify the resources:
We set count: 1 in secret.yml, so one EC2 instance was created in each of the public subnets from Part-1 of this series.
At first the EC2 instances failed to register with the ELB: the ELB health check probes port 80 and nothing was listening there. To fix this, the ec2instance role installs nginx at boot by passing a user-data script. User data runs as root via cloud-init, so the shebang line makes it executable and no sudo is needed:
#!/bin/bash
apt-get update && apt-get install -y nginx
You may have noticed that we enabled an SSL certificate on the ELB. If you have a valid certificate, use that; otherwise generate a self-signed certificate for testing with these steps (the key must be unencrypted PEM, which is what IAM requires for uploaded server certificates):
# generate a 2048-bit RSA key and a self-signed certificate valid for one year in one step;
# -nodes leaves the private key unencrypted so IAM can accept it
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tendokey.pem -out tendo.crt
# sanity check: the certificate and key must report the same modulus hash
openssl x509 -noout -modulus -in tendo.crt | openssl md5
openssl rsa -noout -modulus -in tendokey.pem | openssl md5
Upload the SSL Certificate on AWS using awscli:
aws iam upload-server-certificate --server-certificate-name tendo-crt \
    --certificate-body file://tendo.crt --private-key file://tendokey.pem
Once uploaded, get its ARN with this command; the ARN is the value the ELB listener's SSL certificate setting expects:
aws iam list-server-certificates
When you have finished testing, delete the certificate. Remove or update the ELB listener that references it first, otherwise IAM refuses the deletion because the certificate is still in use:
aws iam delete-server-certificate --server-certificate-name tendo-crt
Extra Info: I have written a simple filter plugin to find information about EC2 instances, like the id and ip address.
– EC2 instance ids are needed to add the instances to the ELB
– EC2 instance ip addresses are needed to add the instances to the inventory
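To show how such a filter plugin works, here is my own example (not the plugin shipped in the ansible-aws-roles repo). It assumes the return shape of the legacy ec2 module: a registered result with an instances list whose items carry id, state, public_ip and private_ip (plus tagged_instances when exact_count is used), and, when the module ran in a with_items loop over the subnets, a results list of such dicts. The sample result embedded at the bottom is constructed, with documentation-range addresses.

```python
"""filter_plugins/ec2_info.py: pull instance ids and ip addresses out of a registered ec2 result.

Example use in a play (assumed variable names):
  - ec2_elb: instance_id={{ item }} ec2_elbs={{ elb_name }} state=present
    with_items: "{{ ec2 | ec2_instance_ids }}"
  - add_host: name={{ item }} groups=web
    with_items: "{{ ec2 | ec2_instance_ips('public') }}"
"""


def _instances(result):
    """Flatten a registered ec2 result (single run or with_items loop) into instance dicts."""
    if isinstance(result, list):
        runs = result
    elif "results" in result:            # registered from a with_items loop
        runs = result["results"]
    else:
        runs = [result]
    out = []
    for run in runs:
        # tagged_instances (exact_count) already includes newly launched ones;
        # a skipped or failed iteration has neither key and contributes nothing
        for inst in run.get("tagged_instances") or run.get("instances") or []:
            out.append(inst)
    return out


def ec2_instance_ids(result, states=("running", "pending")):
    """Instance ids in the given states; this is what ELB registration needs."""
    return [i["id"] for i in _instances(result) if i.get("state") in states]


def ec2_instance_ips(result, kind="public", states=("running", "pending")):
    """Public (default) or private ip addresses; this is what add_host / the inventory needs.

    Instances without an address of the requested kind (e.g. private-subnet hosts
    asked for a public ip) are skipped rather than yielding None.
    """
    key = "private_ip" if kind == "private" else "public_ip"
    return [i[key] for i in _instances(result)
            if i.get("state") in states and i.get(key)]


class FilterModule(object):
    """Ansible looks for this class and registers the returned filters."""

    def filters(self):
        return {
            "ec2_instance_ids": ec2_instance_ids,
            "ec2_instance_ips": ec2_instance_ips,
        }


# Constructed sample of what `register: ec2` holds after looping over two subnets.
SAMPLE_EC2_RESULT = {
    "results": [
        {"instances": [
            {"id": "i-0aaa", "state": "running",
             "public_ip": "203.0.113.10", "private_ip": "10.0.1.10"},
        ]},
        {"instances": [
            {"id": "i-0bbb", "state": "pending",
             "public_ip": "203.0.113.11", "private_ip": "10.0.2.10"},
            {"id": "i-0ccc", "state": "terminated",
             "public_ip": None, "private_ip": "10.0.2.11"},
        ]},
    ]
}
```

Filtering on state matters: a result can still carry a terminated instance from an earlier run, and registering that id with the ELB or adding its stale address to the inventory is what makes the ELB step fail.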
Hope this will help you!
Please remember me in your prayers!
In next post, we’ll create the RDS Instance using these resources.